2nd Workshop on Recent Advances on Intrusion-Tolerant Systems
In conjunction with the European Conference on Computer Systems - EuroSys 2008
April 1st, 2008
Turtles All the Way Down: Research Challenges in User-Based Attestation
Jonathan M. McCune
Carnegie Mellon University
Current trusted computing technologies allow computing devices to verify each other using attestation, but in a networked world, there is no reason to trust one computing device any more than another. Treating these devices as turtles, the user who seeks a trustworthy system from which to verify others quickly realizes that it's "turtles all the way down" because of the endless loop of trust dependencies. We need to provide the user with one initial turtle (the iTurtle) which is axiomatically trustworthy, thereby breaking the dependency loop. Further, the size of the software trusted computing base on today's computing devices is overwhelming. We argue that a mechanism for reducing the size is essential for extracting meaning from attestations and enabling an iTurtle to do its job. This talk will present some of the research challenges involved in designing and using an iTurtle, and in architecting systems to provide meaningful attestations to an iTurtle.